Behavior profile mining in intrusion detection system

An efficient profile mining model based on distributed system is proposed, which is used in the intrusion detecting systems. By analysis of network traffic (packets), frequent user behavior profiles are mined, and then by comparing the profile similarity, system behavior can be detected in real-time. Meanwhile, anomaly and misuse behavior profile base can be build automatically as well. Compared with most existing intrusion detection methods, our method is more adaptive, cooperative and the corresponding system is more extensible, intelligent.